from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils
import dpkt
import time
import datetime
# list_device = WinPcapDevices.list_devices()
# print(list_device)
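def packet_callback(win_pcap, param, header, pkt_data):
    """Decode one captured frame and print its IPv4 header fields.

    Registered as the capture callback.  ``win_pcap``, ``param`` and
    ``header`` are part of the callback signature but are not used here;
    ``pkt_data`` is the raw frame, which is parsed as Ethernet.

    Captured frames are untrusted input: a frame dpkt cannot unpack is
    reported and skipped instead of raising out of the callback.
    """
    try:
        eth = dpkt.ethernet.Ethernet(pkt_data)
    except dpkt.UnpackError as exc:
        # Truncated or malformed frame; keep the capture running.
        print("Malformed frame skipped ", exc.__class__.__name__)
        return

    # Only IPv4 datagrams are decoded; anything else is reported by type name.
    if not isinstance(eth.data, dpkt.ip.IP):
        print("Non IP packet type not supported ", eth.data.__class__.__name__)
        return

    packet = eth.data

    # The DF/MF flags and the fragment offset share the ``off`` field, so each
    # one is extracted with its mask.  ``offset`` is the raw field value, which
    # the IPv4 header expresses in 8-byte units.
    df = bool(packet.off & dpkt.ip.IP_DF)
    mf = bool(packet.off & dpkt.ip.IP_MF)
    offset = packet.off & dpkt.ip.IP_OFFMASK

    # Printed fields: time, src, dst, protocol, length, ttl, df, mf, offset,
    # checksum.
    # NOTE(review): the time is the wall clock when the callback runs, not the
    # capture timestamp carried by ``header``.
    output1 = {'time': time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())}
    output2 = {'src': '%d.%d.%d.%d' % tuple(packet.src),
               'dst': '%d.%d.%d.%d' % tuple(packet.dst)}
    output3 = {'protocol': packet.p, 'len': packet.len, 'ttl': packet.ttl}
    output4 = {'df': df, 'mf': mf, 'offset': offset, 'checksum': packet.sum}
    print()
    print(output1)
    print(output2)
    print(output3)
    print(output4)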
# Alternative adapter, left disabled:
# WinPcapUtils.capture_on(pattern="Realtek PCIe GBE Family Controller", callback=packet_callback)
# Capture on the adapter matching the pattern below and hand every frame to
# packet_callback.
WinPcapUtils.capture_on(
    callback=packet_callback,
    pattern="Intel(R) Dual Band Wireless-AC 3165",
)
from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils
import dpkt
import time
import datetime
# list_device = WinPcapDevices.list_devices()
# print(list_device)
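def packet_callback(win_pcap, param, header, pkt_data):
    """Print a summary of the IPv4 header of one captured frame.

    Used as the capture callback.  Only ``pkt_data`` (the raw frame bytes) is
    read; ``win_pcap``, ``param`` and ``header`` are accepted to satisfy the
    callback signature.

    Frames arrive from the network and may be truncated or malformed, so a
    frame that fails to unpack is reported and dropped rather than letting the
    exception escape the callback.
    """
    try:
        eth = dpkt.ethernet.Ethernet(pkt_data)
    except dpkt.UnpackError as exc:
        # Untrusted input: skip frames dpkt cannot parse.
        print("Malformed frame skipped ", exc.__class__.__name__)
        return

    ip = eth.data
    # Check whether the payload is an IPv4 datagram; other types are only
    # reported by class name.
    if not isinstance(ip, dpkt.ip.IP):
        print("Non IP packet type not supported ", ip.__class__.__name__)
        return

    # Fragmentation info: flags and fragment offset are masked out of ``off``.
    flags_and_offset = ip.off
    df = bool(flags_and_offset & dpkt.ip.IP_DF)
    mf = bool(flags_and_offset & dpkt.ip.IP_MF)
    offset = flags_and_offset & dpkt.ip.IP_OFFMASK

    # Output: time, src, dst, protocol, length, ttl, df, mf, offset, checksum.
    # NOTE(review): the time is taken from the local clock at callback time,
    # not from the capture ``header``.
    records = (
        {'time': time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())},
        {'src': '%d.%d.%d.%d' % tuple(ip.src),
         'dst': '%d.%d.%d.%d' % tuple(ip.dst)},
        {'protocol': ip.p, 'len': ip.len, 'ttl': ip.ttl},
        {'df': df, 'mf': mf, 'offset': offset, 'checksum': ip.sum},
    )
    print()
    for record in records:
        print(record)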
# Alternative adapter, left disabled:
# WinPcapUtils.capture_on(pattern="Realtek PCIe GBE Family Controller", callback=packet_callback)
# Capture on the adapter matching the pattern below; each frame is passed to
# packet_callback.
WinPcapUtils.capture_on(
    callback=packet_callback,
    pattern="Intel(R) Ethernet Connection I219-V",
)
from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils
import dpkt
import time
import datetime,sys
# list_device = WinPcapDevices.list_devices()
# print(list_device)
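# Payload stores filled by packet_callback, keyed by the time the datagram was
# handled: raw bytes in one, the hex string in the other.
all_pcap_data = {}
all_pcap_data_hex = {}


def packet_callback(win_pcap, param, header, pkt_data):
    """Dump the first UDP datagram with a payload, then exit.

    Used as the capture callback.  Only ``pkt_data`` (the raw frame bytes) is
    read; ``win_pcap``, ``param`` and ``header`` are accepted to satisfy the
    callback signature.

    Frames that are malformed, not IPv4, not UDP, or carry no payload are
    skipped before any layer-specific attribute is touched, so the debug
    prints below cannot fail on an unexpected packet type.
    """
    try:
        eth = dpkt.ethernet.Ethernet(pkt_data)
    except dpkt.UnpackError as exc:
        # Captured frames are untrusted input; skip what dpkt cannot parse.
        print("Malformed frame skipped ", exc.__class__.__name__)
        return

    # Network layer: only IPv4 datagrams are decoded.
    if not isinstance(eth.data, dpkt.ip.IP):
        print("Non IP packet type not supported ", eth.data.__class__.__name__)
        return
    packet = eth.data

    # Transport layer: keep UDP only.  ``ulen`` below exists only on UDP.
    if not isinstance(packet.data, dpkt.udp.UDP):
        return
    udp_data = packet.data

    # Drop datagrams without an application-layer payload.
    if not len(udp_data.data):
        return

    # Debug dump of every layer.
    # Payload bytes are printed and kept in memory; captured traffic can hold
    # credentials or personal data, so keep this to debug runs.
    print(packet)
    print(type(eth))
    print(type(packet))
    print(type(udp_data))
    print(type(udp_data.data))
    print(eth)
    print(bytes(packet))
    print(len(packet))
    print(packet.src.hex())
    print(udp_data.ulen)

    # Store the payload under a timestamp for later analysis.
    # NOTE(review): wall-clock time of the callback is used as the key; the
    # capture timestamp in ``header`` would be more precise -- confirm its
    # layout before switching.
    ts = time.time()
    all_pcap_data[ts] = udp_data.data
    print(all_pcap_data[ts])
    all_pcap_data_hex[ts] = udp_data.data.hex()

    # Fragmentation info: flags and fragment offset are masked out of ``off``.
    df = bool(packet.off & dpkt.ip.IP_DF)
    mf = bool(packet.off & dpkt.ip.IP_MF)
    offset = packet.off & dpkt.ip.IP_OFFMASK

    # Output: time, src, dst, protocol, length, ttl, df, mf, offset, checksum.
    output1 = {'time': time.strftime('%Y-%m-%d %H:%M:%S', time.localtime())}
    output2 = {'src': '%d.%d.%d.%d' % tuple(packet.src),
               'dst': '%d.%d.%d.%d' % tuple(packet.dst)}
    output3 = {'protocol': packet.p, 'len': packet.len, 'ttl': packet.ttl}
    output4 = {'df': df, 'mf': mf, 'offset': offset, 'checksum': packet.sum}
    print()
    print(output1)
    print(output2)
    print(output3)
    print(output4)

    # Debug run: stop after the first datagram has been dumped.
    # NOTE(review): if the capture library calls this through a ctypes
    # callback, SystemExit may be reported instead of ending the process --
    # confirm on the target Python version.
    sys.exit(0)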
# Earlier spelling of the adapter pattern, left disabled:
# WinPcapUtils.capture_on(pattern="Realtek PCIe GBE Family Controller", callback=packet_callback)
# Capture on the adapter matching the pattern below; each frame is passed to
# packet_callback.
WinPcapUtils.capture_on(
    callback=packet_callback,
    pattern="Realtek PCIe GbE Family Controller",
)